From 346feba7bae1d9c414eda0d0c1e764385207821d Mon Sep 17 00:00:00 2001
From: Lyuben Penkovski <lyuben.penkovski@vereign.com>
Date: Fri, 11 Nov 2022 11:01:43 +0200
Subject: [PATCH] Add auth config option and attache authentication middleware
 for jwt tokens

---
 cmd/task/main.go          | 21 +++++++++++++++++----
 internal/config/config.go |  7 +++++++
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/cmd/task/main.go b/cmd/task/main.go
index 984f73a..b2d62ce 100644
--- a/cmd/task/main.go
+++ b/cmd/task/main.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/oauth2/clientcredentials"
 	"golang.org/x/sync/errgroup"
 
+	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/auth"
 	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/graceful"
 	goahealth "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/health"
 	goahealthsrv "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/http/health/server"
@@ -74,6 +75,8 @@ func main() {
 	// create storage
 	storage := storage.New(db)
 
+	httpClient := httpClient()
+
 	// create an HTTP Client which uses an authentication token
 	// Create an HTTP Client which uses an authentication token.
 	// The token will auto-refresh as necessary.
@@ -95,7 +98,7 @@ func main() {
 		cfg.Executor.Workers,
 		cfg.Executor.PollInterval,
 		cfg.Executor.MaxTaskRetries,
-		httpClient(),
+		httpClient,
 		logger,
 	)
 
@@ -106,7 +109,7 @@ func main() {
 		cache,
 		cfg.ListExecutor.Workers,
 		cfg.ListExecutor.PollInterval,
-		httpClient(),
+		httpClient,
 		logger,
 	)
 
@@ -166,6 +169,16 @@ func main() {
 		openapiServer = goaopenapisrv.New(openapiEndpoints, mux, dec, enc, nil, errFormatter, nil, nil)
 	}
 
+	// Apply Authentication middleware if enabled.
+	if cfg.Auth.Enabled {
+		m, err := auth.NewMiddleware(cfg.Auth.JwkURL, cfg.Auth.RefreshInterval, httpClient)
+		if err != nil {
+			log.Fatalf("failed to create authentication middleware: %v", err)
+		}
+		taskServer.Use(m.Handler())
+		taskListServer.Use(m.Handler())
+	}
+
 	// Configure the mux.
 	goatasksrv.Mount(mux, taskServer)
 	goatasklistsrv.Mount(mux, taskListServer)
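Review bot: Nothing checks `cfg.Auth.JwkURL` before it is handed to `auth.NewMiddleware`, and in the authConfig hunk of internal/config/config.go `AUTH_ENABLED` defaults to `true` while `AUTH_JWK_URL` has no `required` tag, so a deployment that sets neither starts with authentication enabled and an empty JWK URL. What happens then depends on how `NewMiddleware` treats an empty URL, which this patch does not show; since envconfig cannot express a conditional requirement, the guard belongs here, inside the `if cfg.Auth.Enabled` branch: `if cfg.Auth.JwkURL == "" { log.Fatalf("AUTH_JWK_URL must be set when AUTH_ENABLED is true") }`. Failing at startup keeps the fail-closed default meaningful instead of deferring the error to the first verified request. main continues outside the hunk.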
@@ -231,14 +244,14 @@ func httpClient() *http.Client {
 		Transport: &http.Transport{
 			Proxy: http.ProxyFromEnvironment,
 			DialContext: (&net.Dialer{
-				Timeout: 30 * time.Second,
+				Timeout: 10 * time.Second,
 			}).DialContext,
 			MaxIdleConns:        100,
 			MaxIdleConnsPerHost: 100,
 			TLSHandshakeTimeout: 10 * time.Second,
 			IdleConnTimeout:     60 * time.Second,
 		},
-		Timeout: 30 * time.Second,
+		Timeout: 20 * time.Second,
 	}
 }
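Review bot: The dial timeout drops from 30s to 10s and the overall client timeout from 30s to 20s, but neither the commit subject nor a comment in the hunk says why, and because this client is now shared by both executors and the authentication middleware the tighter `Timeout` also bounds every JWK refresh. A why-comment on the field would keep the rationale with the code, e.g. `// 20s bounds each outbound task call and JWK refresh; 10s of that is the dial budget.`, or the timeout change could go in its own commit. httpClient starts outside the hunk.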
 
diff --git a/internal/config/config.go b/internal/config/config.go
index cb00ecb..99d5411 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -4,6 +4,7 @@ import "time"
 
 type Config struct {
 	HTTP         httpConfig
+	Auth         authConfig
 	Mongo        mongoConfig
 	Policy       policyConfig
 	Executor     executorConfig
@@ -23,6 +24,12 @@ type httpConfig struct {
 	WriteTimeout time.Duration `envconfig:"HTTP_WRITE_TIMEOUT" default:"10s"`
 }
 
+type authConfig struct {
+	Enabled         bool          `envconfig:"AUTH_ENABLED" default:"true"`
+	JwkURL          string        `envconfig:"AUTH_JWK_URL"`
+	RefreshInterval time.Duration `envconfig:"AUTH_REFRESH_INTERVAL" default:"1h"`
+}
+
 type mongoConfig struct {
 	Addr string `envconfig:"MONGO_ADDR" required:"true"`
 	User string `envconfig:"MONGO_USER" required:"true"`
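Review bot: authConfig and its three fields carry no doc comments, so the coupling between `Enabled` and `JwkURL` is only discoverable by reading cmd/task/main.go. Suggest `// authConfig controls JWT verification of incoming requests.` on the type, `// JwkURL is the JWK set used to verify tokens; it must be set when Enabled is true.` on the field, and a note on `Enabled` that it defaults to on, so a missing AUTH_ENABLED does not silently disable authentication. httpConfig's start is outside the hunk; authConfig is fully inside it.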
-- 
GitLab